Today I had to downgrade fastapi from 0.114.0 to 0.112.4 to make a software work. And it just hit me - what if pip didn’t support 0.112.4 anymore? We would lose a good piece of software just because of that.
Of course, we can “freeze” the packages into an executable that will run for as long as the OS supports it. Which is a lot longer. But the executable is closed source. We can’t see the code that is run from an executable.
Therefore, there is a need for an alternative to which we still have access to the packages even after the program is built. That would make it safely unnecessary for pip to store all versions of all packages forever more.
Any ideas?
deleted by creator
What do you mean?
I just find that if pip did not support that version anymore, the software would be lost. As that is covered by making executables, as I mentioned them. But what if I wanted to have access to the libraries that were used in the program? That wouldn’t be possible. Because all we get in the source code is the dependency fetching, not the dependencies themselves.
It would be good to have an alternative where you get all that you need to compile the code again, not depending on fetching them from websites that might not even have them anymore.
This mentality of ephemeral code just adheres to the way big tech would like to do things, with programmed obsolescence.
An alternative to that way of doing things would be nice and would make sure we get access to the same working open source program in 30 or 40 years.
I’m not sure there is a “mentality of ephemeral code” in open source projects. The source is literally available on github or similar, and anyone can mirror it as they like.
If it is popular enough, then the project is probably backed up in the github artic vault as well.
https://www.softwareheritage.org/
While I don’t know of a solution I totally get what you mean… A lot of cool projects don’t work anymore because of that…
Something similar to the container technology, where everything is packed into an image with all it’s dependencies to the correct version. The app would probably be a security nightmare, but could still work in it’s own contained system.
This sounds like a very neat technology that Linux is missing !